Lucene search

7 matches found

Positive Technologies
added 2026/04/29 12:0 a.m. | 5 views

PT-2026-37116

Name of the Vulnerable Software and Affected Versions: OpenTelemetry.Exporter.OneCollector versions prior to 1.15.1. Description: When exporting telemetry to a back-end or collector over HTTP, the HttpJsonPostTransport class reads the entire response body into memory without an upper bound if the...

5.9 CVSS | 5.8 AI score | 0.00017 EPSS
Exploits: 0 | References: 11
CNNVD
added 2026/04/24 12:0 a.m. | 5 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities allow attackers to influence the target URL of Axios requests, enabling them to bypass the NOPROXY protection by using any address within the...

10 CVSS | 5.8 AI score | 0.00026 EPSS
Exploits: 1 | References: 1
CNNVD
added 2026/04/24 12:0 a.m. | 7 views

Axios Security Vulnerability

Axios is an open-source HTTP client developed by Axios. Versions prior to Axios 1.15.1 and 0.31.1 contain security vulnerabilities. These vulnerabilities stem from the XSRF token protection logic, which uses JavaScript truthy/falsy value semantics instead of strict boolean comparisons. This leads ...

5.4 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits: 1 | References: 1
Positive Technologies
added 2026/04/24 12:0 a.m. | 3 views

PT-2026-35050

Name of the Vulnerable Software and Affected Versions: Axios versions prior to 1.15.1; Axios versions prior to 0.31.1. Description: The library is susceptible to a Prototype Pollution Gadget attack. This occurs because the validateStatus configuration property utilizes the mergeDirectKeys merge...

6.5 CVSS | 5.8 AI score | 0.00065 EPSS
Exploits: 1 | References: 220
Cvelist
added 2025/12/29 3:51 p.m. | 21 views

CVE-2025-69201 Tugtainer has RCE in Agent Command Execution Api

Tugtainer is a self-hosted app for automating updates of Docker containers. In versions prior to 1.15.1, arbitrary arguments can be injected in tugtainer-agent POST api/command/run. Version 1.15.1 fixes the issue...

9.3 CVSS | 0.00054 EPSS
Exploits: 0 | References: 4
OSV
added 2020/09/02 5:15 p.m. | 4 views

AZL-79064 CVE-2020-24553 affecting package golang 1.25.7-1

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1 CVSS | 6.8 AI score | 0.0015 EPSS
Exploits: 2 | References: 1
OSV
added 2020/09/02 5:15 p.m. | 0 views

UBUNTU-CVE-2020-24553

Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header...

6.1 CVSS | 6.8 AI score | 0.0015 EPSS
Exploits: 2 | References: 7